
Ok, first of all thanks to Highlander for the link, I found it interesting reading and it definitely demonstrates typical behaviour of a company when confronted with a problem like this.

As for the views regarding full-disclosure, I agree on all but the smaller details. I feel it's necessary to highlight the action I have taken before making this post, as it would seem a lot of people presume that I have jumped straight in at the deep end and just thrown it out there without any kind of consideration beforehand.

I had sent them 2 emails with a good spacing of time between them (2-3 weeks), neither of which yielded a response. I then more recently tried to contact a more neutral party whom I have previously mentioned; they also ignored me.

Now either everybody's spam filter is turned on or someone thinks I'm joking or they simply don't care. The way I see it I'm trying to do them a favour and they're making it very difficult. I've even heard from a 3rd party that he phoned them and had a conversation with someone who claimed they were in the server room; however, from the details elaborated it would seem that whoever it was, was more concerned about customers finding out than patching. In fact, even as I write this the problem still exists and I find myself inclined to send yet another email just to try to see if I can get any form of response.

As you correctly noted I do have a somewhat negative opinion of them, but this is more a result of how they've handled this situation than a motive for how it came about.

If you find yourself completely ignored *and* you have a fix then I'd say disclosing the details is just fine. In extreme cases, I also do this but *only* if I can provide a fix and only if I publish the details of my contact attempts with the vendor.

When you dump the details of an exploit out on a public list when there is no fix available, you haven't helped anyone other than the bad guys.

Thank you for posting.

--Th13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

It may have taken a while but I think the increased volume of complaints regarding the subject had finally come to their notice. Thanks to everyone who emailed them or submitted a complaint form, it makes the difference.

In a statement, the ISP said: "Wanadoo can confirm that a small number of links to files containing customer details have been posted on the internet. Wanadoo would like to reassure customers that this was an isolated incident and as soon as we were made aware of the problem, the information was removed from the public domain.

But according to Gammarays, they knew about the problem long before the posting of the links. So what they're really saying is, "We knew we had a problem, and as soon as we realized a whole bunch of other people knew we had a problem, we finally decided to fix it."

Which makes me wonder, is the biggest security problem on the internet technical or cultural?

Which makes me wonder, is the biggest security problem on the internet technical or cultural?

Excellent point.....

You will find the biggest security hole is always going to be users.....then lazy admins with the attitude...if it ain't broke ...don't fix it.

Also...upper management....really doesn't seem to care about security...unless it's gonna affect the bottom line....(I try and use the words "lawsuit" and "fine", "privacy act" a lot in those types of meetings)....

"There are no technical solutions to administrative problems"

Hey I was just at a seminar on computer\network security...and heard a story how easy it was to social engineer into a bank's system........physical access........all the passwords, routers and firewalls in the world ain't gonna help out when someone walks out the door with your server.

MLF

How people treat you is their karma- how you react is yours-Wayne Dyer